Email Security: Protecting Your Personal and Small Business Accounts
Email is an essential communication tool for both personal and business use. It's crucial to protect your email accounts from cyber threats such as hacking, phishing, and spam. In this article, we'll discuss the importance of email security and provide recommendations for both personal and small business users to secure their accounts.
Personal Email Security Considerations
Are You Sick of Ongoing IT Issues?
Like a persistent cough or muscle strain that won’t go away, many IT issues prove ongoing. Every time they come back you think about getting an expert’s opinion. Then, the cough fades, you can walk freely again, or your computers are back up and running. You keep on going. Until the next time. If you’re sick of ongoing issues with your IT, look to a Managed Service Provider (MSP) for help.
There are many IT ailments that can negatively impact your ability to do work. Let’s consider some of the particularly common ones, and why an MSP is the right prescription.
#1 Network and Internet issues.
Business is done online these days. Not being able to connect to the network and slow connections are frustrating. Without the Internet, how can you do your job? You can’t even check and send emails! Let alone access team documents or enter data into cloud-based accounting software. A lagging network also slows down application and data loading time. It may only be a few moments of thumb twiddling. But add that up over several times a day and multiple by employees. You’re looking at a decrease in productivity that adds up.
An MSP has the know-how to survey the IT environment for what's causing these frustrations. When there’s a problem, they’re at the ready to resolve it and help improve reliability.
#2 Repeated malware infections.
This can mean a couple of things. First, you don’t have effective system and application protections in place. These attacks shouldn’t be able to make it through the door in the first place. With the right firewalls, anti-spam, and protections, you should be able to keep your system on lock down. You don’t have to do this yourself. Your internal IT team has a lot to manage and monitor. Gain expert backup with an MSP reviewing your security protocols to keep the bad guys at bay.
Secondly, educate employees about the dangers of social engineering. Don’t let them keep falling for the pretexts and downloading malicious files. Also, ensure passwords are strong enough to avoid adding another point of entry.
#3 Printing problems.
Many businesses are printing less today, but we’re not done with hard copies entirely. So, when a printer starts whirring, spinning endlessly, or can’t connect, efficiency halts. Know that printers sold at big box stores are consumer grade quality. Avoid printer frustrations with solid business-class printers (which your MSP can identify).
#4 Application overload.
Maybe some of your employees prefer Dropbox. Others rely on their free Gmail accounts. This hodgepodge of options can cause chaos. Staff have difficulty remembering the passwords to all of the accounts they need. So, they simplify, and that makes their accounts more hackable.
Upgrading to business-grade versions of important applications is easier with an MSP. They'll help identify the software that best addresses your business needs.
#5 Aging technology.
You’ve had your current computers for ages. They are slower than you’d like, but you don’t have the time to look for something else. Plus, you can’t imagine having to learn something new. You’re too busy. But aging tech is more likely to fail, which could prove catastrophic if you don’t have the right systems backup.
MSPs know IT. Based on your individual business needs, they can suggest a plan of attack to update the IT and keep it secure. They can also provide backup strategies to prepare for the worst and recover quickly.
Basically, a managed service provider has your back when it comes to IT. Work with experts who focus on technology day in and day out. You’ll typically save money and gain time to spend innovating in your field.
Gain a competitive advantage with the support of an MSP. Check Pro+Tech today!
A single click can be the difference between maintaining data security and suffering massive financial losses. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.
Quickly spot the red flags and put phishing emails where they belong:
1. Poor spelling and grammar
While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through multiple review stages where errors are blitzed and language is refined. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is likely fraudulent.
2. An offer too good to be true
Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch? There’s definitely cause for concern. Take care not to get carried away and click without investigating deeper.
3. Random sender who knows too much
Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed especially for your business. Culprits take details from your public channels, such as a recent function or award, and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out.
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]
Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.
5. It asks for personal, financial or business details
Alarm bells should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.
Why 2-Factor Authentication is Important
You hear about hacks all the time. The news covers major websites who have had data leaks containing your email and password. Computers get infected and capture your login details for bank accounts and credit cards. In the worst cases, identity theft occurs because it is an easy crime to commit with a high reward.
In 2018, the passwords you used to trust to keep the bad guys out of your accounts are not enough anymore. Cyber attackers now use methods such as phishing, pharming, and keylogging to steal your password. Some have the power to test billions of password combinations.
If you’re like the majority of people, you use the same password for several websites. That means anybody who has figured out that password has access to everything you’ve logged into with it. In a time when it is extremely easy to look up what a person named their first pet or high school mascot, security questions aren’t much help.
Consider how a jewelry store operates. They don’t simply keep their valuables locked away with one key. There are alarms ready to be triggered, motion detectors, and sometimes even bars on the windows. Your data is valuable, just like jewelry. You need more than one line of defense to protect it.
In the computer world, your second line of defense (after your username and password combination) is called “2-factor authentication.” Sometimes referred to as multiple-step or multi-factor verification, 2-factor authentication is a way to double check a person’s identity. This can be enabled every time a person logs in or just under certain circumstances. For example, signing in from a new device or different country might trigger 2-factor authentication.
Many of the services you may already use, such as Facebook, Gmail, Xero Accounting, and more, have 2-factor authentication options. If your bank has ever sent you a special code through text or email to enter before logging in, you’ve already used a type of 2-factor authentication. They can also be in the form of a smartphone app or a physical electronic dongle.
2-factor authentication is absolutely crucial for online banking, email, and online shopping such as Amazon or PayPal. It’s also a must-have for cloud storage accounts (like Dropbox or Sync), password managers, communications apps, and productivity apps. This is especially true if you frequently use the same passwords for different websites and apps.
Some may consider 2-factor authentication unnecessary for social networks, but these are actually very important to keep safe. For ease, a lot of websites and apps allow you to sign up through your Facebook or Twitter account. You need to keep these networks safe so that somebody with your password can’t suddenly get into every account you have linked.
The point of using 2-factor authentication is to make hackers’ lives harder and prevent them from getting into your accounts. If they have captured your login username and password, they still need a second device to get in, especially when the computer or phone they are using has never logged into your account before. This makes it significantly more difficult for anybody to breach your account.
Plus, if you receive a notification with a special code to enter for logging in, and you weren’t trying to log into that account, you have a good signal that somebody else was trying to get in. That means it’s time to change that password and be grateful you had 2-factor authentication.
It’s unfortunate that there is currently an abundance of skilled hackers ready to take advantage of those unprepared. Luckily, you can still stop them -even if they have your login information at hand. 2-factor authentication is one of the easiest methods to keep your accounts safe.
Keeping Tabs on Children's App Purchases
Children today have grown up surrounded by technology their entire lives. Since before they are old enough to read they can pick up a tablet or smartphone and swipe at apps and games with ease. Modern kids have an intuitive understanding and ability with technology that older generations can barely imagine. The abundance of technology, however, comes with a price.
Easy access to any marketplace can be a double-edged sword. The convenience and ease of use is a boost to those of us needing a quick app, but accidental purchases can cause a lot of headaches. One-click online shopping was once one of the biggest dangers our bank account faced. Now, many of us carry multiple devices, each with their own marketplace and app stores.
With modern tech, mobile applications, whether on iOS or Android devices, are easier than ever to buy and download. So simple in fact, that a child could do it.
Designed to Appeal - Children love to download mobile applications that feature their favorite characters, cartoons and TV shows. Advertisements are aimed specifically for children in ways that will invite them to click a link and instantly download a game.
These games are typically free, meaning they don't require authentication by default before downloading. A new game can be downloaded, installed, and ready to run seconds from clicking an ad.
Developers commonly use, what is known in the business as, a 'freemium' model. This means that the game is free to download and start, but inserts paid 'upgrades' designed to make the player part with cash.
Freemium Games - Upgrades to games may unlock more levels, purchase an in-game currency, or outfit a character with special attributes. Competitive online games commonly employ a strategy that gives paying players an unfair advantage over ones who don't pay. This is often referred to as 'pay-to-win' and entices players to spend more to get on the same level.
Many mobile-based games are designed purely to encourage in-app purchasing. Some deliberately design a deceptive or tricky user-interface that makes it easy to miss-click or make purchases by accident.
There are regular stories in the news featuring kids spending thousands on in-app purchases for virtual characters. In some cases, children can use real-world money to buy items thinking they are spending in-game currency.
Apps to Help - Of course, it's unfair to give all applications a lousy name. Many deserve it, but not all apps are guilty of behaving badly. There are fitness apps, productivity apps, and educational apps that can act as useful tools to help enhance your day. Children can get a lot from high-quality applications in the same way educational software for the computer can be a huge classroom boost.
Getting the most out of your phone or tablet is about keeping your device safe against applications designed merely to take your money.
Secure Your Device - The best step you can take to prevent running up enormous app bills is to disable in-app purchases on your devices. This prevents apps from being able to take funds for digital items. The process to do this is simple, takes less than 2 minutes, and can save you huge amounts.
Safe Apps - With these options enabled, whether using an iOS or Android device, your phone or tablet is safe from app purchases in any hands.
Why Do People Create Viruses?
Why Do People Create Viruses?
You’d be right in thinking it’s hard to program a computer virus that can spread across the world in a flash - we’re talking days of constant desk-jockey nerd-work. So why do they bother? Well, it generally comes down to 3 reasons: Money, showing off their skill, or to simply being a jerk. While showing off or being a jerk is pretty self-explanatory, the money side is fascinating.
Here’s how people are making money with computer viruses:
Bank account theft: Virus creators are more than happy to help themselves to your bank details, sneaking in to grab your login details or credit card info. They can either transfer your funds away or use your credit card details to go on a shopping spree. Sometimes they’ll leave the fun to another person though, and simply sell your details to the highest bidder.
Ransomware: Rather than a financial snatch and grab, sometimes a virus will encrypt your files and demand money for the unlock code. Without a true backup plan in place beforehand, you’re at their mercy. You’ll be given very helpful information on how to pay, plus a firm deadline before your files are destroyed permanently.
Ad swappers: A cheeky technique, this is when they create a virus that either puts annoying ads on websites you visit, or places affiliate codes on pages so that when you buy something legitimately – eg, from Amazon – they get a percentage as a ‘referral fee’. Their kickback doesn’t make your purchase cost more and you may not even know you’re supporting their activities.
Bitcoin mining: You might have heard of digital currencies being used for payment, but did you know you can also earn them with your computer processing power? Unfortunately, ‘renting’ out your computer’s processing power means paying more in running costs than you’d make – unless you were very clever and sneaky, and used a virus to rent out other people’s computers.
Botnets: Certain infected computers can be remotely controlled to do whatever the virus creator wants. In this case, they’ll usually set the infected bot computers to overwhelm a target web server, like an e-commerce store. Sometimes it’s done as revenge, but more often it’s blackmail. The ‘Botmaster’ says “pay me thousands of dollars or I’ll crash your site during the biggest shopping day of the year.”
Account stealing: Subscription accounts like Netflix and Hulu are often hijacked, leaving you to pay the bill for someone else’s entertainment. But sometimes, virus creators go one step further with online gaming accounts. All those digital items that you fought so hard for (special clothing, weapons etc.) can carry real world value and be stolen from your account and sold on a black market. Yes, that’s cheating!
If you're worrying about your protection online, make sure to check out our Pro+Tech Managed Services.
5 Ways Managed Services Can Grow Your Business
Managed Service Providers (MSPs) help businesses take a proactive approach to managing their technology without the expensive step of hiring an in-house team. Your MSP is essentially a collection of niche technology experts working behind the scenes to keep your data safe, generate solutions to IT problems and keep your software updated. Even larger businesses who already have an IT person will often call in an MSP when daily support becomes overwhelming or a specific certification is required.
Let’s explore 5 specific business breakthroughs an MSP can give you:
1. It’s extremely cost-effective: There’s only so much in the budget for IT and responding to events on a break/fix basis will quickly exhaust your accounts.
An MSP works by getting ahead of problems before they occur – making equipment last longer, defending against costly security breaches and keeping the business up and running. Instead of calling for a repair at a high hourly rate, you get a wide array of expert services for one predictable monthly fee.
2. You have access to multiple experts: Businesses usually end up adding extra tasks to an unqualified but enthusiastic employee’s workload, resulting in costly problems. With MSPs, you have access to many people who are experts in very specific areas, and your existing staff can focus on tasks within their job description.
3. Speedy problem resolution: Downtime and business don’t mix, so your MSP will provide a reliable expert on call (usually with 24/7 options) to troubleshoot and resolve any problems. Much of the time, you can also skip the delay of an on-site repair with rapid remote support available in just moments.
4. Fewer problems: A large part of your MSPs service is fixing problems before they happen. While fixing things as they break isn’t the worst approach to IT management, it generally means you’re also suffering productivity losses, downtime and losing money by the second.
Your MSPs primary goal is to ensure these problems are avoided completely, through system monitoring and robust security measures. They’ll also make sure every important software update and security patch is applied immediately, closing breach points and keeping your business safe.
5. Shared responsibilities: As your business grows, so will your IT systems. A good MSP is on top of what your future needs will look like and knows which products and infrastructure are suitable to help you get there. Your MSP doesn’t just monitor your system and repair as required; they share responsibility for your system. This means measuring, reporting, analyzing and optimizing, working with you to introduce new technologies and processes.
Depending on your level of contracted services, your MSP can actually become a catalyst for growth.
Sounds good, doesn’t it? With managed services, your business always has the maximum security against threats, downtime and productivity drops. But for the savvy business owner, it’s also a way you can afford to leverage cutting-edge technologies, with complete peace of mind and ongoing support.
Boost your business with managed services. Check out our Pro+Tech!
You’ll know if you’re a victim of ransomware. Often you’re met with a red screen telling you your business files are encrypted. You won’t be able to do anything on the computer, although the cybercriminals will provide helpful instructions for how to pay up. How nice. Here’s what to do instead if you’re the victim of a ransomware attack.
Cybersecurity Ventures predicts ransomware will impact businesses every 11 seconds in 2021. Yes, you read that right. That’s up from every 14 seconds in 2019. Another research company reported ransomware increasing 485% year-over-year in 2020.
Know that it’s widely considered a bad idea to pay the ransom, because you’re rewarding the cybercriminal. Plus, you can’t even be sure that they will provide the encryption key needed to regain the use of your files. What! You were going to trust the bad guys?
The Important First Step
The first thing you’ll want to do is make it all go away. Yet wishful thinking is not going to get the job done. Instead, you’re going to have to turn immediately to your disaster response plan, because, of course, you have one of those already. Really, don't underestimate the value of planning in advance for IT infrastructure compromise. Doing it proactively means calm, considered decisions rather than reacting in a crisis.
Step one is going to be identifying the systems involved and isolating them. Once you detect a compromise, limit the spread of infection by disconnecting the devices affected. Ideally, you take only a few computers offline or disconnect an individual network. Even in a large-scale compromise, remove all affected devices from the network to contain the malware.
As part of the isolation, don’t forget to disconnect any connected devices such as storage drives. The ransomware infection will even seek out USB thumb drives.
Power down only the affected devices if you are unable to disconnect them from the network. Why? Because turning them off means you might lose potential evidence.
Malicious actors may be monitoring your business communications. So, move offline to coordinate your response. Phone calls or text messaging will work, or personal email accounts.
Don’t attempt to restore critical systems until you have identified and isolated. After that, your business can move into triage mode. Prioritize what to restore, and recover using your data backup (again, of course, you have one of those, too). Consider how critical each system is for health and safety and revenue generation. Then, get to work restoring systems in an efficient, organized fashion.
Minimizing Ransomware Risk
Ransomware is a major threat to every business sector, and you don’t want to become the next victim. Common best practices include:
Businesses that partner with a managed services provider have someone supporting their efforts to cut ransomware risk. Plus, if the worst happens, the MSP’s IT experts are at the ready to identify and isolate. They can find the samples needed, determine the malware strain you are dealing with, and report the attack.
Your data backup should have recent copies of all information up to (or close to) the time of infection. So, once the MSP has removed all ransomware, they will wipe your systems and storage devices. They can swiftly reformat the hard disks and reinstall everything from scratch.
An MSP can help you plan ahead to contain the damage from a cyberattack. Let our IT experts install best practices, set up safe backups, and track activity on your network. Sign up for Pro+Tech today!
Fake Invoice Attacks Are on the Rise - Here’s How to Spot (and Beat) Them
Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.
Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:
The Payment Redirect
This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.
The Malware Click - Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.
How to Stay Safe
Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments.These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments. Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off - even in the slightest - hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.
If you're looking for a good anti-virus solution that includes local tech team on hand - try our offer!
Ransomware has become an undeniable threat to business growth, profitability and security. It’s a ruthless type of malware that locks your keyboard or computer to prevent you from accessing your data until you pay the ransom, which is usually demanded in untraceable Bitcoin. Cyber criminals are turning this type of attack into big business, raking in billions each year as many businesses have no choice but to pay up.
How does ransomware get into the network?
Surprisingly, it’s NOT those random USB drives floating around from unknown sources. That’s old school, and cyber criminals operate much more effectively now. The most common vehicle for ransomware attacks today are email and compromised websites.
One email is all it takes.
Infected websites aren’t always obvious.
Let’s face it, cyber criminals will infect any web page they can get their hands on, which is why of the less reputable sites should be avoided. But it’s not just about making sure you and your employees stick to suitable sites, mainstream websites can also carry ransomware infections ready to spread to all visitors. It’s happened before – in 2016 the New York Times, BBC & MSN homepages accidentally exposed thousands of web visitors when their infected site showed malicious ads.
What happens during an attack?
As soon as ransomware is in the door, it immediately scans local and connected drives (including connected backups) and encrypts thousands of files. Within minutes, everything from Office files to multimedia is locked up tight, inaccessible to all users – even admin. Then a notification appears demanding a ransom to unlock the files and gives helpful instructions on how to pay it. At this point, many businesses are on hold until the situation can be resolved. Typical options include: restoring from safe, external backups; wiping the entire system and starting again; or paying the ransom and learning a hard lesson in data security. Ransomware may not be fun, but it certainly makes for an interesting day at the office!
We can help you with a complete data security plan, including safe backups, virus protection, advanced firewalls and more. Find out more by visiting our Pro+Tech page.
3 Internet Habits to Keep Kids Smart and Safe
How can you make the internet a safer place for your children? It’s a common concern as all parents want their kids to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones as they stare delightedly at the Disney Jnr site, but the risks increase greatly as kids get older and more independent.
You’ve probably heard the term ‘cyber safety’ before, but safe internet usage goes beyond reminding them not to talk to strangers. With the evolution of the internet and the way it’s now woven seamlessly into our lives, the focus needs to be on ingrained habits. That means ensuring your children have the tools and predefined responses to online events so that no matter what happens, they’re not placing themselves (or your family) at risk. Setting up these habits is easy, and begins with three basic understandings:
Downloads are a no-go
Most kids can’t tell the difference between a legitimate download and a scam/malicious link. It’s not their fault, the online world is full of things that will trick even the most savvy adult. The difference is that kids tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to. They want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ - purely so it goes away. Unfortunately, that single ‘yes’ may have just opened the doors to malware and viruses that will ruin their computer. Set a family rule that they need to ask permission for all downloads (and an adult will check it first), and to never click a popup. When you’re called over to give download permission or check a popup, talk through exactly what you’re checking and why. As your child matures, get them involved in this process so their safe habits extend outside the home.
Critical thinking is a must
Most youngsters think the internet is a magical place and can’t imagine their life without it. To them, the internet is on the same level as oxygen! With that acceptance though, comes unwavering trust that the internet would never lie to them, never trick them and never hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust. The best way to keep kids safe is to teach them to approach every aspect of the internet with critical thinking. That includes teaching them to question the motives of other people online. Is that person really a kid? What do they really want? Unfortunately, all kids do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and come straight to you.
The internet is forever
Kids have an overwhelming drive to contribute to the internet, they don’t think twice about recording a video, jumping in a chat room or onto social media. The world really is their playground! But what they don’t understand until they’ve been burned, is that anything they upload, write or say is on the internet forever. Even if they delete it or use a platform where content self-erases, someone can still screenshot and send it right back out. Many cyber-bullying cases are based around this exact type of blow-back. Once your kids know that everything they post is permanent, they’ll be more likely to pause and think.
We aim to provide helpful and easy to understand tech articles.